cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Popup Hotspot Using ISR 1000 with WiFi/LTE for Teleworkers and Micro Branchesr

Ask Me Anything – How to Enable Network Connectivity to Remote Workers

What debugs to collect for 5760/3850 CWA issue with ISE

901
Views
5
Helpful
0
Comments
Below are some useful debugs to collect while working with TAC for CWA issue.
 
Description: these debugs are mainly for a scenario in which the end device is stuck in a redirect loop. Clients connect to CWA ssid and gets the AUP page with accept button. clicks on accept button and gets the AUP page again.
 
Here are the debugs/traces/show commands we plan to use on 5760, ISE and client side.
 

5760:

set trace group-wireless-secure filter mac xxxx.xxxx.xxxx
set trace aaa wireless events level debug
set trace aaa wireless events filter mac xxxx.xxxx.xxxx
set trace group-wireless-secure level debug

 

debug client mac-address
debug aaa wireless all
debug ip http transactions
debug ip http url
debug ip socket error
debug authentication all
debug authentication feature spi al
debug epm all
debug epm plugin acl all
debug epm plugin redirect all
debug epm plugin redirect detail

 

“log to buffer" “save to ftp" “confirm debug level"
logging buffered 16000000
no logging rate-limit

 

show wireless client mac-address detail
show authentication session mac detail
show platform acl le | be

 

CLIENT SIDE:

Wireshark if possible on laptop during failure and working.

Client mac address, model, ios and browser type on all clients being tested/reported.

Verify it works when opening new tab or new browser and if original browser fails does it work if you go back to original browser.
 

ISE:

 

GUI > Administration > logging > debug log config > click on node > runtime-aaa = debug.

GUI > Administration > logging > debug log config > click on node > > guestportal = debug

GUI > Administration > logging > debug log config > click on node >> guestauth = debug

 

After issue happen go to Operations > download logs > click on node > click on ‘include debug logs’ and ‘include monitoring and reporting logs.

Add encryption key then create support bundle. After completion, download the bundle.

TCPDump > operations > troubleshoot > tools > tcpdump > select node > filter = udp port 1700.

Reports,

Operations > reports > Radius Authentications > filter = endpoint ID = mac address > RUN.

CreatePlease to create content
Content for Community-Ad

Cisco COVID-19 Survey